If you did some Christmas shopping at Target over the last few weeks, you’ll want to pay close attention to your credit card statements, as the retailer is dealing with a major data breach.

Target is just now confirming the security breach that resulted in compromised credit card information, but some of the details are still missing. Here’s what we know so far, and what Target shoppers should be aware of:

Who is affected?

Target says 40 million credit and debit cards may have been compromised. If you shopped at a U.S. Target store between November 27 and December 15, you should assume you’re at risk and keep a close watch on your account statements. It’s not clear whether every Target store was affected, but at least one card issuer says it’s seeing signs of fraud all over the United States, according to Krebs on Security. You’re not in any danger if you shopped at Target’s website, or one of the company’s Canada stores.

What information was taken?

Target says the attackers gained access to customer names, credit card or debit card numbers, card expiration dates and CVV security codes. Krebs on Security and the Wall Street Journal report that the thieves accessed data from the magnetic stripes stored on the back of credit and debit cards.

What’s the risk for Target shoppers?

The attackers could use magnetic stripe data to create counterfeit payment cards. The Wall Street Journal notes that crime rings often use these counterfeits to purchase gift cards at major retailers, and then convert them back to cash. The attackers could also withdraw cash from ATMs if they managed to steal PIN data from debit transactions, Krebs on Security notes.

What the heck? How did this happen?

Security breaches often involve hacking into a company’s servers and making off with the data, but the Target breach appears to be different. According to the Wall Street Journal, this theft “may have involved tampering with the machines customers use to swipe their cards when making purchases.” How the thieves were able to compromise payment terminals on such a large scale is unclear.

What should Target shoppers do now?

Target recommends keeping an eye on your credit or debit card statements and calling your bank or card provider if you see any fraudulent activity. As a general rule, you should get a copy of your credit report periodically by visiting AnnualCreditReport.com or calling (877) 322-8228. You can also set up a fraud alert through the three nationwide credit reporting agencies, Equifax, Experian and Transunion.

The problem, as one Krebs on Security commenter points out, is that automatic fraud detection could fail if the thieves are able to localize the stolen card details and make purchases near where cardholders live. The only guaranteed way to avoid fraud is to cancel your card and get a new card number, but that might not be necessary if you keep a close watch on your statements.

What is Target doing about the breach?

The retailer says it has “moved swiftly to address this issue so guests can shop with confidence,” and has also hired a third party forensics firm to investigate. The Secret Service is also investigating, as it often does for large-scale credit card data hacking.

How common is this sort of thing?

Too common, unfortunately. A 2007 security breach at T.J. Maxx resulted in the theft of card numbers and personal data for roughly 90 million customers. Worth noting in that case is that the original estimate was just 45.7 million affected customers — still enough to be the largest payment card security breach ever at the time. Federal prosecutors are also still investigating a group of security breaches that resulted in more than 160 million stolen credit and debit card numbers, from companies including J.C. Penney, 7-Eleven and JetBlue. A breach of Heartland Payment Systems in 2009 resulted in stolen data on more than 130 million cards.

my credit card just got compromised and due to target .I saw weird and large amounts of cash transfers to western union from my bank when scrolling through my phone. I was lucky My bank took action and my money was recovered. I CAN'T SHOP TARGET ANYMORE its a shame but who can assure me this wont happen to me again. I keep hearing the corporate mention that they hired third part staff to take action for preventing these issues in the future Its all bull crap I just learned of two patients that recently got hacked. I WANT NOTHING TO DO WITH TARGET

Due to this target scam, (Rushcard the worst company ever) sent out replacement cards due to this target ordeal and they dont inform you and then they block your card until you get a new one which leaves you without your money until you renew your card which can take weeks! Many people are left broke and without paychecks because they rely on this card which they are unable to use now!

TODAY "I" was notified by my bank that my debit/charge card was one of many that had been compromised due to "TARGET." Thanks a lot, now I have to travel 45 minutes away to sign documents , then go back another day to pick up a new card. So that means 2 days off of work due to Targets inability to protect their customers . Not only 2 days of being off of work with NO PAY but 2 wasted days traveling and more EXPENSES,GAS IS NOT CHEAP .I am a single mother who needs that work trying to raise my daughter, I cannot even afford to take off to spend quality time with my daughter (father passed away) much less for something

like this that should have never happened. So as of now, my card has been canceled until I go to bank to apply for another one then return to pick it up at a later date.

So today I discovered my card was compromised. A charge for 190.79 went through for SEARS.COM, and a pending charge sits for 262.00 for MEMORYDEPOT.COM. The bank told me that there were still another 4- "PREAUTHORIZED" purchases coming through the system, and that they could not stop them. So I get to first- cancel the card and use my checkbook now (where checks are not accepted all over the place anymore!!), wait 7-11 days for a new card to arrive, and complete a fraud dispute for each charge coming through which is not reviewed or handled for 24-48 hours once received. I am completely inconvenienced by this failure on Target's behalf, and all they are providing is apologies, free credit reports, and sad faces?

In addition, my rent check bounces, the landlord has to wait on their money, and I need to go grocery shopping. On top of it I am a single mother that is not rich!!!

Target needs to do something more than offer free credit reporting services!!!!

My card was compromised, and my credit card was cancelled, but its a debit card where my child support is funded to, and hey target doesn't even give anything to me or people this happened to say hey we are sorry for this so whyyy? should I return to this store??I say GOODBYE TARGET , HELLO WALMART AND KMART!!

So Target is still not bellying up and actual telling what really happened. I love how the experts say check your credit charges... for how long? Who said your hacked info will be used soon...... could be months later. Better to just cancel your effected cards and not get another one from Target. Funny, of what I read, we all will be paying more for Target's blunder in more fees from the credit card companies. And what is not being told.... this has happened other places also, but the Target news has drowned out the other breaches!

It's about time the good old USA gets with the program and spends the money to make our debit/credit cards safe as has the rest of the world. Quit saying it's too expensive to fix which is the same excuse Ford used when told about the position of the fuel tank on the Pinto. They figured it was cheaper to pay law suites than spend money to fix the problem.

How fitting that Target, a company who previously was a favorite of mine became one I recently had to report to the Consumers Financial Protection Bureau for their greedy tactic of charging a late fee when the bill is paid by phone on the due date. At 2:20 pm I called in to make the payment due, only to be told that their billing department is 3 hours ahead so the payment is late as it was made at 5:20 pm...their time. Whatever the due date is, that means due by 11:59 pm anyway...certainly not based on their location time, but rather than the customer's location time.

How is a customer supposed to know where a company's billing department is located? It could even be in China or the Phillippines!!! After trying to reason with the rep, as well as the management about it, and being told, "Sorry, we still have to charge a late fee," I was furious and decided to report them. Most companies even allow a 24-hour grace period for that reason. If Target is treating their employees as badly as they are treating their customers, perhaps it was an angry employee who pulled these security breaches. Wonder how many $millions their CEO is making while Target is paying minimum wages to its employees and making millions on unjustifiable late fees.

For redcard Debit users, one option may be to go back to target and attempt to make a small purchase. Bring your red card and some cash if you would actually like to make the purchase. When you checkout swipe your redcard and intentionally enter the wrong pin a few times. I did this in the past thinking my pin was that of another card. This disabled my redcard until I was able to call customer service and verify my info. You can then either complete the purchase with another payment method such as the cash or decline the purchase and leave. Once customer service is reachable, cancel the disabled card.

If some loser steals my card, Target is responsible for any charges. I sure as hell am not. I've been calling for 2 days, trying to cancel the card. All I have ever gotten is a busy signal. I'm not shopping there again until this is all sorted out and I have a new card.

Make every card transaction go through a unique security code that the owner will punch in after it is swiped to validate the transaction. This will be known only to the card owner so that the rest of the data on the card will be unusable to the thief.

I work for a small internet retailer, and when we try to encourage cardholders to file a police report, they are either disinterested, or the police tell them there is nothing they can do about the fraud. Even when we provide information as to where the fraudulently obtained merchandise was shipped. Law enforcement cannot handle this issue, the horse has left the barn. The banks don't seem to care because either they chargeback the merchant, or get the money from the cardholders. No skin off of their noses.

There needs to be a federal law that mandates card issuers to set up a system in which a PIN used specially for non-card present environments. It's separate from the ATM PIN, but what it would denote to the online merchant accepting the credit card number and CVV that it is the real cardholder attempting a transaction.

@StinkaMN In Canada, most retailers require you to provide the PIN number that accompanies the card when you make a purchase at the register. I was surprised when I moved to Boston and they weren't requiring me to do it. But, I am sure thieves can get that information on line just as easily as they get the CSC number from the back of your credit card. I just had my card compromised. Someone purchased a MAC computer from Bestbuy. I informed Bestbuy immediately and they stopped the order. If you leave it to the banks, they will let them know eventually, but most likely after it's been shipped. We should try and stop these purchases ourselves because fraud and shoplifting is what drives prices up. And it's the customers who ultimately suffer.

@abcgirlYes it is a good practice to contact the merchants directly to cancel the order. If you notice a fraudulent charge you should let the company know asap. When you tell your bank it takes weeks for them to process the chargeback and send that info to the company. And at that point the fraudster would already be enjoying the goods purchased with your money!

Target is full of [fill in the blank] - the breach started long before Nov 27. I have had to cancel 2 cards (different issuing banks) in the last 2 weeks because of fraud. They were cloned and swiped - one used in Milwaukee, the other in Louisiana. I've never been to either of those states. I thought it was incredibly strange that this exact same thing would happen to me twice in 2 weeks on separate cards - what are the chances - so I checked my two statements against each other and the only place I used both cards was Target. But, the latest I used those cards at Target was November 9! I haven't used either card in the US since November 11, as I've been out of the country! I'm furious that this happened to me and that it's inconvenienced me so much (plus I'm out of pocket because I have to pay international Fedex charges to get one of the new cards). But I'm even more furious that Target is lying to the public by saying the breach started Nov 27. If you've used a card at Target any time in November, watch out! Might as well cancel it now!

@sweetpea1I agree. I think they did a "test run" first to see if they could get away with it before black friday weekend. This way they knew it would work. Months ago my mom had two strange charges for several hundred dollars (I think it totaled around $800) on her mastercard. The charges were made at Target stores (and not the one she goes to). Her mastercard never even alerted her--she found out when the bill came in (doesn't do online banking/bill payments) and had to go above and beyond to prove she didn't make the purchases. And there was NO WAY it was her using the card because it was my wedding day and she was with me the whole day/night and we never stepped foot in a Target let alone the ones the charges were made at. Anyway, my point is, she only has that one major credit card and shops at Target semi regularly (maybe every other month at least) so I bet this was done to her card and others like your prior to the big "breach" so the thieves could start small and then go big.

@newmanjb@CrystalPorter@Alyeskan Jared like i said on my reply i'm sure target new a lot sooner than what they are reporting.If they announced it right away there season would have been a wash.How much more of a hit do you think they would have taken if we the customer knew that day or the day after.